sr-users July 2005

sr-users@lists.kamailio.org

199 participants
544 discussions

by chenhui

Hi list, I have tried to configure radius function, and do step by step with the document "ser_radius". When I go to the step----root@/usr/local/src# radiusd -X, there produce a lot of debugging information and the following Errors -------------------------------------- Errors reading dictionary: dict_init: /usr/local/etc/raddb/dictionary[16]: Couldn't open dictionary "/usr/local/etc/radiusclient/dictionary.ser": No such file or directory Errors reading radiusd.conf -------------------------------------- I check the /usr/local/etc/radiusclient/dictionary.ser, it is got from the CVS web interface as described in 2.3 section of "ser_radius". And then, I add "#" before "$INCLUDE /usr/local/etc/radiusclient/dictionary.ser" in the file "/usr/local/etc/raddb/dictionary", and run "root@/usr/local/src# radiusd -X" again, there shows no errors. I don't know how to solve this problem and how to add the dictionary.ser into the default dictionary. Thanks!

18 years, 12 months

[Serusers] Destination Out Dur Price Context Channel in Channel out Account App

by fedora＠voice.dyndns.tv

>From 2000-07-21 14:47 to 2005-07-21 23:55 Date and time Username Source In Destination Out Dur Price Context Channel in Channel out Account App (Duration) 1 2005-07-21 16:06:41 8000 "Japan SIP" <8000> In 8992 06:18 default SIP/8000-1126 MusicOnHold (06:18) 2 2005-07-21 16:00:29 8000 "Japan SIP" <8000> In 8992 06:03 default SIP/8000-a6d3 MusicOnHold (06:03) 3 2005-07-21 15:59:25 8100 "8100" <8100> In 8992 01:21 default SIP/voice.dyndns.tv-08f14b38 MusicOnHold (01:21) 4 2005-07-21 15:58:27 8100 "8100" <8100> In 8991 01:52 default SIP/voice.dyndns.tv-08f3a150 MusicOnHold (01:52) 5 2005-07-21 15:57:41 8100 "8100" <8100> In 8990 01:31 default SIP/voice.dyndns.tv-08f14b38 Echo (01:31) 6 2005-07-21 15:56:59 8100 "8100" <8100> In 8800 09:33 default SIP/voice.dyndns.tv-08f1ec38 MeetMe (09:33) 7 2005-07-21 15:55:02 8100 "8100" <8100> In 8900 01:57 default SIP/voice.dyndns.tv-08f14b38 MeetMe (01:57) 8 2005-07-21 15:47:29 8000 "Japan SIP" <8000> In 500 03:13 default SIP/8000-895c IAX2/216.207.245.8:4569/1 Dial (03:13) 9 2005-07-21 15:47:08 8000 "Japan SIP" <8000> In 8900 00:17 default SIP/8000-6345 MeetMe (00:17) 10 2005-07-21 15:45:20 8000 "Japan SIP" <8000> In 8800 00:14 default SIP/8000-c645 MeetMe (00:14) 11 2005-07-21 15:43:18 8000 "Japan SIP" <8000> In # 01:48 default SIP/8000-f700 Hangup (01:49) 12 2005-07-21 15:36:12 8000 "Japan SIP" <8000> In 8700 00:29 default SIP/8000-a5d8 MeetMe (00:29) 13 2005-07-21 15:32:47 8000 "Japan SIP" <8000> In # 02:38 default SIP/8000-8491 Hangup (02:38) 14 2005-07-21 04:14:21 8000 "Japan SIP" <8000> In 8700 00:16 default SIP/8000-defe MeetMe (00:16) 15 2005-07-21 03:48:41 8000 "Japan SIP" <8000> In 500 01:59 default SIP/8000-2667 IAX2/216.207.245.8:4569/1 Dial (01:59) 16 2005-07-21 03:47:02 8000 "Japan SIP" <8000> In # 00:17 default SIP/8000-3057 Hangup (00:17) 17 2005-07-21 03:45:17 8000 "Japan SIP" <8000> In s 00:25 default SIP/8000-eb8e BackGround (00:25) 18 2005-07-21 03:45:12 8000 "Japan SIP" <8000> In 1234 00:02 default SIP/8000-747b VoiceMail (00:02) 19 2005-07-21 03:45:07 8000 "Japan SIP" <8000> In 500 00:02 default SIP/8000-a9c2 Playback (00:02) 20 2005-07-21 03:45:02 8000 "Japan SIP" <8000> In 600 00:03 default SIP/8000-fceb Playback (00:03) 21 2005-07-21 03:44:49 8000 "Japan SIP" <8000> In 8500 00:01 default SIP/8000-8966 VoiceMailMain (00:01) 22 2005-07-21 03:44:45 8000 "Japan SIP" <8000> In s 00:01 default SIP/8000-d854 BackGround (00:02) 23 2005-07-21 03:44:41 8000 "Japan SIP" <8000> In 8700 00:01 default SIP/8000-d31d MeetMe (00:01) 24 2005-07-21 03:44:38 8000 "Japan SIP" <8000> In 8800 00:01 default SIP/8000-f3c0 MeetMe (00:01) 25 2005-07-21 03:44:31 8000 "Japan SIP" <8000> In 8900 00:02 default SIP/8000-63a5 MeetMe (00:02)

18 years, 12 months

[Serusers] t_replicate and 'Credentials with given realm not found'

by Zen Kato

Hi, I have been testing 't_replicate' between two sers. serA: 192.168.0.3 serB: 192.168.0.12 serA's 'ser.cfg': .....(snip)..... modparam("auth_db|auth_diameter|group|uri_db|usrloc|registrar", "use_domain", 1) modparam("auth","secret","abcdef") ......(snip)..... if (method=="REGISTER") { # Uncomment this if you want to use digest authentication if (!www_authorize("192.168.0.3", "subscriber")) { www_challenge("192.168.0.3", "0"); break; }; save("location"); # replicate to the backup server if(!src_ip==192.168.0.12){ log(1,"*** REPLICATE REGISTER REQUEST ****\n"); t_replicate("192.168.0.12","5060"); }; break; }; serB's 'ser.cfg': .....(snip).... modparam("auth_db|auth_diameter|group|uri_db|usrloc|registrar", "use_domain", 1) modparam("auth","secret","abcdef") modparam("usrloc","db_mode",1) ....(snip)..... if (method=="REGISTER") { # Uncomment this if you want to use digest authentication if (!www_authorize("192.168.0.12", "subscriber")) { www_challenge("192.168.0.12", "0"); break; }; save("location"); break; }; serA could send "Request: REGISTER sip:192.168.0.3" from 192.168.0.3 to serB(192.168.0.12) by 't_replicate', but serB says: pre_auth(): Credentials with given realm not found as follows; ....(snip)..... 2(9571) SIP Request: 2(9571) method: <REGISTER> 2(9571) uri: <sip:192.168.0.3> 2(9571) version: <SIP/2.0> 2(9571) parse_headers: flags=1 2(9571) Found param type 232, <branch> = <z9hG4bK3dbc.a52cfe51.0>; state=16 2(9571) end of header reached, state=5 2(9571) parse_headers: Via found, flags=1 2(9571) parse_headers: this is the first via 2(9571) After parse_msg... 2(9571) preparing to run routing scripts... 2(9571) parse_headers: flags=128 2(9571) Found param type 232, <branch> = <z9hG4bKd686d524a54b3ed8>; state=16 2(9571) end of header reached, state=5 2(9571) parse_headers: Via found, flags=128 2(9571) parse_headers: this is the second via 2(9571) end of header reached, state=9 2(9571) DEBUG: get_hdr_field: <To> [23]; uri=[sip:114@192.168.0.3] 2(9571) DEBUG: to body [<sip:114@192.168.0.3> ] 2(9571) get_hdr_field: cseq <CSeq>: <101> <REGISTER> 2(9571) DEBUG:maxfwd:is_maxfwd_present: value = 16 2(9571) parse_headers: flags=256 2(9571) DEBUG: get_hdr_body : content_length=0 2(9571) found end of header 2(9571) find_first_route: No Route headers found 2(9571) loose_route: There is no Route HF 2(9571) grep_sock_info - checking if host==us: 11==12 && [192.168.0.3] == [192.168.0.12] 2(9571) grep_sock_info - checking if port 5060 matches port 5060 2(9571) grep_sock_info - checking if host==us: 11==12 && [192.168.0.3] == [192.168.0.12] 2(9571) grep_sock_info - checking if port 5060 matches port 5060 2(9571) grep_sock_info - checking if host==us: 11==12 && [192.168.0.3] == [192.168.0.12] 2(9571) grep_sock_info - checking if port 5060 matches port 5060 2(9571) grep_sock_info - checking if host==us: 11==12 && [192.168.0.3] == [192.168.0.12] 2(9571) grep_sock_info - checking if port 5060 matches port 5060 2(9571) parse_headers: flags=4096 2(9571) found end of header 2(9571) pre_auth(): Credentials with given realm not found 2(9571) build_auth_hf(): 'WWW-Authenticate: Digest realm="192.168.0.12", nonce="42dc3cad3841a0086c78df73d97f1671b9054aab" ' 2(9571) parse_headers: flags=-1 2(9571) check_via_address(192.168.0.3, 192.168.0.3, 0) 2(9571) DEBUG:destroy_avp_list: destroying list (nil) 2(9571) receive_msg: cleaning up -------- I cannot replicate serA's UA to serB. How should I do ? Regards, Zen

18 years, 12 months

[Serusers] Cisco pstn gw ignoring BYE from ser

by Jon Mansey

In the following scenario, it seems that ser may not be sending the BYE to the right port on the cisco, is that possible? The cisco is not registered with ser, it is a trusted IP. The DID is an alias for my softphone UID. This only happens for pstn-voip calls, when calling voip-pstn, ser always talks to the cisco on port 5060 and the BYE is obeyed, whichever end sends it first. call scenario dial DID from pstn phone cisco:51339 -> ser:5060 INVITE ser:5060 -> cisco:51339 100 trying ser:5060 -> cisco:51339 180 ringing softphone ringing ser:5060 -> cisco:51339 200 OK softphone answered cisco:53924 -> ser:5060 ACK call in progress, 2 way audio I hang up the softphone ser:5060 -> cisco:51339 BYE softphone says "hanging up" ser:5060 -> cisco:51339 BYE ser:5060 -> cisco:51339 BYE ser:5060 -> cisco:51339 BYE ser:5060 -> cisco:51339 BYE ser:5060 -> cisco:51339 BYE ser:5060 -> cisco:51339 BYE ser:5060 -> softphone:5060 TIMEOUT softphone says "hung up" pstn phone still off hook, call up still i hang up the pstn phone cisco:50580 -> ser:5060 BYE ser:5060 -> cisco:5060 OK ser:5060 -> cisco:51339 BYE So the cisco has used 3 different ports during this call, one for the INVITE, which ser then uses to send replies back to, but the ACK comes from a new port, and then the eventual BYE comes from a 3rd port. I can understand how the cisco tries not to be stateful and uses different ports for each message, but how is ser supposed to communicate back to it if not on the port used by the original INVITE? Perhaps it should only talk to the cisco on port 5060? If so how do I make it do that? Is the cisco misbehaving by using many different ports when it originates the sip call? Is that a known IOS bug perhaps? Help and wisdom appreciated, Jon

18 years, 12 months

[Serusers] How to test the connection of Radius and SER!

by zhu

Hello, guys: I set radius and ser. i made a call using xlite phone. But I did not see any records in mysql . Does anyone know how to monitor the process bewteen Radius and SER. Any help will be appreciated! zhu

18 years, 12 months

[Serusers] new stable release: ser 0.9.3

by Andrei Pelinescu-Onciul

ser 0.9.3 has just been released. This is the new ser stable version. The cvs stable branch is now rel_0_9_0. The new release can be downloaded from: ftp://ftp.berlios.de/pub/ser/0.9.3 ("official" source code, pre-compiled binaries for various architectures, packages for various operating systems; for more information see ftp://ftp.berlios.de/pub/ser/0.9.3/README). Before upgrading from an older version, please read ftp://ftp.berlios.de/doc/NEWS (or sip_router/doc/NEWS if you use cvs). If you use Debian, Jan has setup a ser apt repository. He will send a mail shortly with more details. Andrei

18 years, 12 months

RE: [Serusers] Problem authorizing with radius - Acc module compi lation problem

by Ricardo Martinez

You need to install radiusclient-ng http://developer.berlios.de/projects/radiusclient-ng/ Ricardo.- -----Mensaje original----- De: Naresh Parmar [mailto:naresh_parmar14@yahoo.com] Enviado el: Miércoles, 20 de Julio de 2005 16:22 Para: Ricardo Martinez; serusers(a)lists.iptel.org Asunto: RE: [Serusers] Problem authorizing with radius - Acc module compilation problem folks, still trying to make it work with freeradius...as given in the Radius-howto i modified the sip_router/modules/acc/Makefile and uncommented the lines containing: DEFS+=-DRAD_ACC LIBS=-L$(LOCALBASE)/lib -lradiusclient now when i try to do make install (after make proper and make all), it gives me the following error /usr/bin/ld: cannot find -lradiusclient any clue?? cheers.. naresh Ricardo Martinez <rmartinez(a)redvoiss.net> wrote: Hello. Mmmhh, are you sure you modified the de www_challenge for the proxy_challenge in the ser.cfg file?. I use RADIATOR as my Radius Server so i'm not very familiarized with freeRadius. But for the debug it seems to be an error maybe with the configuration from the Radius Server? For example , is normal this : Invalid operator for item Suffix: reverting to '==' ? Maybe somone that uses freeRadius could give you more details. To accounting i use Radiator but working together with an Oracle Database, i use the Start and Stop message from SER to bill the call. Regards, Ricardo Martinez.- -----Mensaje original----- De: Naresh Parmar [mailto:naresh_parmar14@yahoo.com] Enviado el: Miércoles, 20 de Julio de 2005 13:09 Para: Ricardo Martinez; serusers(a)lists.iptel.org Asunto: RE: [Serusers] Problem authorizing with radius Hi Ricardo, Tried it. It still gives me the same error. Please let me know the version of the radius server you are using.?? Also can you please let me know wht did u do to make the accounting work...?? Best Regards, Naresh Ricardo Martinez <rmartinez(a)redvoiss.net> wrote: Hello Naresh. I guess there is an error in the way you call the authorization for the INVITE. As far as i know for the REGISTER message (authentication) you need the statement : radius_www_authorize But for the INVITE you need to call "radius_proxy_authorize". This is what i have in my ser.cfg if (method=="INVITE") { if (!radius_proxy_authorize("")) { proxy_challenge("","1"); break; }; }; maybe you can try this and tell me how it works. Good luck Ricardo Martinez.- -----Mensaje original----- De: Naresh Parmar [mailto:naresh_parmar14@yahoo.com] Enviado el: Miércoles, 20 de Julio de 2005 12:10 Para: Ricardo Martinez; serusers(a)lists.iptel.org Asunto: RE: [Serusers] Problem authorizing with radius Hi Ricardo, We are using freeradius server 0.9.1 and SER 0.9.3. The version of radius client is radiusclient-ng-0.5.1. The users file in the radius server looks like as below: test(a)sip2.zone <mailto:test@sip2.zone> Auth-Type := Digest, User-Password == "cisco1234" Reply-Message = "Authenticated", Sip-Rpid = "1970" test(a)sip2.zone <mailto:test@sip2.zone> Auth-Type := Accept Reply-Message = "Authorized", Sip-Group == "ld" The radius authentication and authorization parts in the ser.cfg file are given below: if (uri=~"^sip:9[0-9]*@") { if (method=="INVITE"){ if (!radius_www_authorize("")) { www_challenge("", "1"); break; }else{ if (radius_is_user_in("Credentials", "ld")){ forward(192.168.2.101,5060); break; }else{ break; }; }; }; }; And finally the error is as below: Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "chap" returns noop rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "test" Digest-Realm = "sip2.zone" Digest-Nonce = "42de75b2e9e39194a286e8ccd284646ffa14bcc2" Digest-URI = "sip:94161000@sip2.zone" Digest-Method = "INVITE" Digest-QOP = "auth" Digest-Nonce-Count = "0000000a" Digest-CNonce = "753F926DB8F5415D8D56EE7816410E33" rlm_digest: Adding Auth-Type = DIGEST modcall[authorize]: module "digest" returns ok rlm_realm: Looking up realm "sip2.zone" for User-Name = " test(a)sip2.zone <mailto:test@sip2.zone> " rlm_realm: No such realm "sip2.zone" modcall[authorize]: module "suffix" returns noop users: Matched entry test(a)sip2.zone <mailto:test@sip2.zone> at line 226 modcall[authorize]: module "files" returns ok modcall[authorize]: module "mschap" returns noop modcall: group authorize returns ok rad_check_password: Found Auth-Type Digest auth: type "digest" modcall: entering group authenticate A1 = test:sip2.zone:cisco1234 A2 = INVITE:sip:94161000@sip2.zone KD = 53d3b82970bada131a062103f553b8b8:42de75b2e9e39194a286e8ccd284646ffa14bcc2:00 00000a:753F926DB8F5415D8D56EE7816410E33:auth:18227b358ffe96049a3745eeb449fae 2 modcall[authenticate]: module "digest" returns ok modcall: group authenticate returns ok radius_xlat: 'Authenticated' Login OK: [test(a)sip2.zone/<no User-Password attribute>] (from client proxy port 5060) Sending Access-Accept of id 203 to 192.168.2.1:32831 Reply-Message = "Authenticated" Sip-Rpid = "1970" Finished request 6 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.2.1:32831, id=204, length=53 User-Name = "test" Sip-Group = "ld" Service-Type = Group-Check NAS-IP-Address = 192.168.2.1 NAS-Port = 0 modcall: entering group authorize Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "chap" returns noop rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop modcall[authorize]: module "digest" returns noop rlm_realm: No '@' <mailto:'@'> in User-Name = "test", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop modcall[authorize]: module "files" returns notfound modcall[authorize]: module "mschap" returns noop modcall: group authorize returns ok auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [test/<no User-Password attribute>] (from client proxy port 0) Delaying request 7 for 1 seconds Finished request 7 Going to the next request Waking up in 6 seconds... As you can see from the above configuration, the authentication works perfect, its only in the authorization where it fails. Also can you please let me know about the accounting configuration?? Thanks a lot.. Naresh Ricardo Martinez <rmartinez(a)redvoiss.net> wrote: Hello Naresh I have authentication, authorization and accounting (AAA) through radius working fine. What radius server are you using?, can you send us more information about the configuration? Cheers, Ricardo.- -----Mensaje original----- De: Naresh Parmar [mailto:naresh_parmar14@yahoo.com] Enviado el: Miércoles, 20 de Julio de 2005 10:37 Para: serusers(a)lists.iptel.org Asunto: [Serusers] Problem authorizing with radius hi friends, I am having problems while authorizing with the radius server. I am using the same configuration as mentioned in the radius-howto. Authentication works perfect as I am able to authenticate using the radius server. However while authorizing against the radius server to make a call I get the following error: auth: No authenticate method (Auth-Type) configuration found for the user request: Rejecting the user auth: Failed to validate the user. Delaying request 2 for 1 seconds Finished request 2 When I authorize against the mysql database, it works fine. Any clue??? Best Regards, Naresh __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _____ Start <http://us.rd.yahoo.com/evt=34442/*http://www.yahoo.com/r/hs> your day with Yahoo! - make it your home page __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com

18 years, 12 months

RE: [Serusers] Problem authorizing with radius - Acc module compilation problem

by Naresh Parmar

folks, still trying to make it work with freeradius...as given in the Radius-howto i modified the sip_router/modules/acc/Makefile and uncommented the lines containing: DEFS+=-DRAD_ACCLIBS=-L$(LOCALBASE)/lib -lradiusclient now when i try to do make install (after make proper and make all), it gives me the following error /usr/bin/ld: cannot find -lradiusclient any clue?? cheers.. naresh Ricardo Martinez <rmartinez(a)redvoiss.net> wrote:Hello. Mmmhh, are you sure you modified the de www_challenge for the proxy_challenge in the ser.cfg file?. I use RADIATOR as my Radius Server so i'm not very familiarized with freeRadius. But for the debug it seems to be an error maybe with the configuration from the Radius Server? For example , is normal this : Invalid operator for item Suffix: reverting to '==' ? Maybe somone that uses freeRadius could give you more details. To accounting i use Radiator but working together with an Oracle Database, i use the Start and Stop message from SER to bill the call. Regards, Ricardo Martinez.- -----Mensaje original----- De: Naresh Parmar [mailto:naresh_parmar14@yahoo.com] Enviado el: Miércoles, 20 de Julio de 2005 13:09 Para: Ricardo Martinez; serusers(a)lists.iptel.org Asunto: RE: [Serusers] Problem authorizing with radius Hi Ricardo, Tried it. It still gives me the same error. Please let me know the version of the radius server you are using.?? Also can you please let me know wht did u do to make the accounting work...?? Best Regards, Naresh Ricardo Martinez <rmartinez(a)redvoiss.net> wrote: Hello Naresh. I guess there is an error in the way you call the authorization for the INVITE. As far as i know for the REGISTER message (authentication) you need the statement : radius_www_authorize But for the INVITE you need to call "radius_proxy_authorize". This is what i have in my ser.cfg if (method=="INVITE") { if (!radius_proxy_authorize("")) { proxy_challenge("","1"); break; }; }; maybe you can try this and tell me how it works. Good luck Ricardo Martinez.- -----Mensaje original----- De: Naresh Parmar [mailto:naresh_parmar14@yahoo.com] Enviado el: Miércoles, 20 de Julio de 2005 12:10 Para: Ricardo Martinez; serusers(a)lists.iptel.org Asunto: RE: [Serusers] Problem authorizing with radius Hi Ricardo, We are using freeradius server 0.9.1 and SER 0.9.3. The version of radius client is radiusclient-ng-0.5.1. The users file in the radius server looks like as below: test(a)sip2.zone Auth-Type := Digest, User-Password == "cisco1234" Reply-Message = "Authenticated", Sip-Rpid = "1970" test(a)sip2.zone Auth-Type := Accept Reply-Message = "Authorized", Sip-Group == "ld" The radius authentication and authorization parts in the ser.cfg file are given below: if (uri=~"^sip:9[0-9]*@") { if (method=="INVITE"){ if (!radius_www_authorize("")) { www_challenge("", "1"); break; }else{ if (radius_is_user_in("Credentials", "ld")){ forward(192.168.2.101,5060); break; }else{ break; }; }; }; }; And finally the error is as below: Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "chap" returns noop rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "test" Digest-Realm = "sip2.zone" Digest-Nonce = "42de75b2e9e39194a286e8ccd284646ffa14bcc2" Digest-URI = "sip:94161000@sip2.zone" Digest-Method = "INVITE" Digest-QOP = "auth" Digest-Nonce-Count = "0000000a" Digest-CNonce = "753F926DB8F5415D8D56EE7816410E33" rlm_digest: Adding Auth-Type = DIGEST modcall[authorize]: module "digest" returns ok rlm_realm: Looking up realm "sip2.zone" for User-Name = "test(a)sip2.zone" rlm_realm: No such realm "sip2.zone" modcall[authorize]: module "suffix" returns noop users: Matched entry test(a)sip2.zone at line 226 modcall[authorize]: module "files" returns ok modcall[authorize]: module "mschap" returns noop modcall: group authorize returns ok rad_check_password: Found Auth-Type Digest auth: type "digest" modcall: entering group authenticate A1 = test:sip2.zone:cisco1234 A2 = INVITE:sip:94161000@sip2.zone KD = 53d3b82970bada131a062103f553b8b8:42de75b2e9e39194a286e8ccd284646ffa14bcc2:0000000a:753F926DB8F5415D8D56EE7816410E33:auth:18227b358ffe96049a3745eeb449fae2 modcall[authenticate]: module "digest" returns ok modcall: group authenticate returns ok radius_xlat: 'Authenticated' Login OK: [test(a)sip2.zone/<no User-Password attribute>] (from client proxy port 5060) Sending Access-Accept of id 203 to 192.168.2.1:32831 Reply-Message = "Authenticated" Sip-Rpid = "1970" Finished request 6 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.2.1:32831, id=204, length=53 User-Name = "test" Sip-Group = "ld" Service-Type = Group-Check NAS-IP-Address = 192.168.2.1 NAS-Port = 0 modcall: entering group authorize Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "chap" returns noop rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop modcall[authorize]: module "digest" returns noop rlm_realm: No '@' in User-Name = "test", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop modcall[authorize]: module "files" returns notfound modcall[authorize]: module "mschap" returns noop modcall: group authorize returns ok auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [test/<no User-Password attribute>] (from client proxy port 0) Delaying request 7 for 1 seconds Finished request 7 Going to the next request Waking up in 6 seconds... As you can see from the above configuration, the authentication works perfect, its only in the authorization where it fails. Also can you please let me know about the accounting configuration?? Thanks a lot.. Naresh Ricardo Martinez <rmartinez(a)redvoiss.net> wrote: Hello Naresh I have authentication, authorization and accounting (AAA) through radius working fine. What radius server are you using?, can you send us more information about the configuration? Cheers, Ricardo.- -----Mensaje original----- De: Naresh Parmar [mailto:naresh_parmar14@yahoo.com] Enviado el: Miércoles, 20 de Julio de 2005 10:37 Para: serusers(a)lists.iptel.org Asunto: [Serusers] Problem authorizing with radius hi friends, I am having problems while authorizing with the radius server. I am using the same configuration as mentioned in the radius-howto. Authentication works perfect as I am able to authenticate using the radius server. However while authorizing against the radius server to make a call I get the following error: auth: No authenticate method (Auth-Type) configuration found for the user request: Rejecting the user auth: Failed to validate the user. Delaying request 2 for 1 seconds Finished request 2 When I authorize against the mysql database, it works fine. Any clue??? Best Regards, Naresh __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --------------------------------- Start your day with Yahoo! - make it your home page __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com

18 years, 12 months

Re: [Serusers] ACK

by Sebastian Kühner

Hi! Thanks for your question ;-) I'm using Slackware... ----- Original Message ----- From: "harry gaillac" <gaillacharry(a)yahoo.fr> To: "Sebastian Kühner" <skuehner(a)veraza.com> Sent: Wednesday, July 20, 2005 5:07 PM Subject: Re: [Serusers] ACK > What's your distro Debian, .. ? > > --- Sebastian Kühner <skuehner(a)veraza.com> a écrit : > > > It should... but it doesn't. I have ser 0.9.0 and > > the latest rtpproxy > > version. > > > > WARNING: rtpp_test: can't get version of the RTP > > proxy > > > > > > > > > > ----- Original Message ----- > > From: "harry gaillac" <gaillacharry(a)yahoo.fr> > > To: "Sebastian Kühner" <skuehner(a)veraza.com> > > Sent: Wednesday, July 20, 2005 1:44 PM > > Subject: Re: [Serusers] ACK > > > > > > > your rtpproxy should work ! > > > > > > --- Sebastian Kühner <skuehner(a)veraza.com> a écrit > > : > > > > > > > Hi, > > > > > > > > Ok, my rtpproxy doesn't work, so I try it with > > STUN. > > > > When I look at my > > > > SIP-messages I get the information, that the > > audio > > > > stream has to go through > > > > my public IP... but I don't hear anything (I > > have > > > > the volume on maximum). > > > > > > > > The Invite comes with this message: > > > > > > > > v=0. > > > > o=- 3330865830 3330865830 IN IP4 > > xxx.xxx.xxx.xxx. > > > > <-- Public IP > > > > s=SJphone. > > > > c=IN IP4 xxx.xxx.xxx.xxx <-- > > > > Public IP > > > > t=0 0. > > > > a=direction:active. > > > > m=audio 16482 RTP/AVP 3 8 0 101. > > > > a=rtpmap:3 GSM/8000. > > > > a=rtpmap:8 PCMA/8000. > > > > a=rtpmap:0 PCMU/8000. > > > > a=rtpmap:101 telephone-event/8000. > > > > a=fmtp:101 0-11,16. > > > > > > > > Doesn't that mean, that the audio-stream has to > > go > > > > through my public IP now? > > > > Both sides doesn't hear anything... > > > > > > > > What's wrong? > > > > > > > > Sebastian > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > From: "Greger V. Teigre" <greger(a)teigre.com> > > > > To: "Sebastian Kühner" <skuehner(a)veraza.com>; > > > > <serusers(a)lists.iptel.org> > > > > Sent: Wednesday, July 20, 2005 2:24 AM > > > > Subject: Re: [Serusers] ACK > > > > > > > > > > > > > Sebastian, > > > > > I know many people don't like STUN. However, I > > > > have good experiences with > > > > > STUN and prefer to use STUN as a "first layer > > > > defence." For many NATs I > > > > > then avoid the proxying. However, there are > > some > > > > things that can go wrong: > > > > > For one, you need to make sure that the STUN > > > > server is running correctly > > > > on > > > > > two ports and two IP addresses. If you for > > example > > > > have a firewall > > > > blocking > > > > > one port, STUN will give the wrong result. But > > the > > > > biggest problem can be > > > > > faulty STUN implementations in the EUCs. They > > > > normally behave ok for the > > > > > most standard NATs, but there are some > > > > non-standard NATs and the EUC's > > > > > behavior can be unpredictable. Also, some > > EUCs > > > > try to rewrite the IP:port > > > > > even if they are behind a symmetric NAT (or if > > the > > > > STUN server is not > > > > > correctly set up, the EUC will conclude with > > the > > > > wrong result). > > > > > If you know the clients you are going to > > use, > > > > you can test and limit > > > > the > > > > > problems and STUN can be a great cost saver! > > If > > > > your gateway supports > > > > > active media (direction=active), then you only > > > > have IP-2-IP phone calls to > > > > > proxy. > > > > > > > > > > To your question: Sipura has a good > > implementation > > > > of STUN, but has MANY > > > > > options for NAT. Your problem is that the RTP > > and > > > > RTCP is not traversing > > > > the > > > > > NAT to your Sipura. Either you don't force > > > > proxying in onreply for OKs, > > > > or > > > > > something goes wrong. An ngrep trace of the > > call > > > > setup will reveal what > > > > the > > > > > problem can be. > > > > > g-) > > > > > > > > > > Sebastian Kühner wrote: > > > > > > Thank you Nils, > > > > > > > > > > > > Now it's working better! > > > > > > > > > > > > The problem that I have now is that I don't > > hear > > > > anything if I call > > > > > > from the SIPURA to a Gateway, but the callee > > is > > > > hearing me. > > > > > > > > > > > > What could be the problem of that one-way > > > > conversation? Had anyone of > > > > > > you the same problem using a Restricted Cone > > > > NAT? > > > > > > > > > > > > Thanks! > > > > > > > > > > > > Sebastian > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > From: "Nils Ohlmeier" <lists(a)ohlmeier.org> > > > > > > To: <serusers(a)lists.iptel.org> > > > > > > Cc: "Sebastian Kühner" <skuehner(a)veraza.com> > > > > > > Sent: Tuesday, July 19, 2005 3:58 PM > > > > > > Subject: Re: [Serusers] ACK > > > > > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > On Tuesday 19 July 2005 20:53, Sebastian > > Kühner > > > > wrote: > > > > > >> I have two phones behind a Port Restricted > > Cone > > > > NAT (both in the same > > > > > >> private area) and ser is running with > > another > > > > public IP. > > > > > >> > > > > > >> I want to call from one of those phone to > > the > > > > other. The call is set > > > > > >> up and I can talk, but one Softphone shows > > me > > > > the message: "Waiting > > > > > >> acknowledgement..."... and all followed SIP > > > > messages don't reach the > > > > > >> other phone. I'm using a STUN server. > > > > > >> > > > > > >> Call from 14@xxx.xxx.xxx.xxx:5060 to > > > > 13@xxx.xxx.xxx.xxx:1024: > > > > > >> > > > > > >> 14 -> ser: > > > > > >> ---------- > > > > > >> IVITE 13@ip.of.ser.xxx@5060 (Contact: > > > > 14@192.168.1.101:5060) > > > > > >> > > > > > >> ser -> 13: > > > > > >> ---------- > > > > > >> INVITE 13@xxx.xxx.xxx.xxx:1024 (Contact: > > > > 14@xxx.xxx.xxx.xxx:5060) > > > > > > > > > > > > sorry but what do you use STUN for if the > > UAs > > > > still use their private > > > > > > IPs and > > > > > > your SER is re-writting the Contact? If you > > > > allready fixing the IP it > > > === message truncated === > > > > > > > > ___________________________________________________________________________ > Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger > Téléchargez cette version sur http://fr.messenger.yahoo.com >

18 years, 12 months

[Users] MediaProxy docs

by Bogdan-Andrei Iancu

Hi folks, MediaProxy docs were converted to SGML -> see the online page http://www.openser.org/docs/modules/0.10.x/mediaproxy.html. regards, Bogdan

18 years, 12 months

← Newer
1
...
16
17
18
19
20
21
22
...
55
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

sr-users July 2005